CVE-2023-24022 Vulnerability Details

CVE-2023-24022 Metadata Quick Info

CVE Published: 24/01/2023 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: Baicells | Vendor: Baicells | Product: Nova 227
Status: PUBLISHED

CVE-2023-24022 Description

Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.)

Metrics

CVSS Version: 3.1 | Base Score: 10 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

Exploitability Metrics:
    Attack Vector (AV): NETWORK
    Attack Complexity (AC): LOW
    Privileges Required (PR): NONE
    User Interaction (UI): NONE
    Scope (S): CHANGED

Impact Metrics:
    Confidentiality Impact (C): HIGH
    Integrity Impact (I): HIGH
    Availability Impact (A): LOW

Weakness Enumeration (CWE)

CWE-ID: CWE-284
CWE Name: CWE-284: Improper Access Control
Source: Baicells

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-395
CAPEC Description: CAPEC-395 Bypassing Electronic Locks and Access Controls


Source: NVD (National Vulnerability Database).